Chapter 11. DHCP and DNS Security

Lots of elements are involved in a healthy network. Many are provided by hardware, such as the routing and switching of data. Others are provided by software and are frequently based on the network protocols in use. These services are often overlooked by security administrators and implementers. But attackers can use these services to launch, support, or continue an attack. In fact, denial-of-service attacks can be very effectively carried out by just attacking these services alone. This chapter explores two important services that exist on most networks but get very little security attention.

Microsoft has recognized the lack of security in DHCP and DNS. As a result, Windows Server 2003 has several security technologies that are not necessarily standards-based or fully compatible with other operating systems; however, depending on your computing environment and need for security, these technologies can prove beneficial.

In this chapter, I'll explore the core network services of DHCP and DNS. These services are essential to most IP networks today in that they respectively provide automatic addressing and name resolution. However, their security considerations and safe operations are often neglected. I'll show you how these services work, how they're vulnerable to attack, and how to protect them against those attacks when possible.